
Possible infection with wsypwcil.exe (Trojan.Lebag)

I believe I am (have been?) infected with some malware after my Norton AntiVirus LiveUpdate kicked in every 2 minutes or so. A full scan picked up malware, which was quarantined (but I now cannot find the name of the malware).

I checked Windows Firewall and it is disabled - in attempting to enable it I got error:
"Windows Firewall can't change some of your settings Error code 0x080070422"

After some forum reading, I checked Windows Defender and this is also disabled, with error:
"The service cannot be started, either because it is disable or because it has no enabled devices associated with it. error Code 0x80070422"

I downloaded Malwarebytes and did a complete system scan - it detected 3 further issues:

However Windows Firewall and Defender will not turn back on - I understand the registry files have been deleted? I run Norton Firewall anyway, but would like the Windows Firewall to at least operate correctly if I need it to.

Any help in checking I have no outstanding threats and resolving the issue would be greatly appreciated.

Note: If after running ComboFix you get this error message "Illegal operation attempted on a registry key that has been marked for deletion." when attempting to run a program all you need to do is restart the computer to reset the registry.

===

Third-party programs, if not up to date, can be the cause of infiltration of an infection.

Follow the prompts to reboot the computer. A text file will open after the restart.

Please post the content of that log file with your next answer.

You can find the log file at C:\AdwCleaner[Sn].txt (n is a number).

===

Get the latest version of the Adobe Reader: http://get.adobe.com/reader/

Before your download I suggest you uncheck the box on the top right "Yes, install McAfee Security Scan Plus - optional"; this is not required if you are not a McAfee subscriber. While the installation is in progress you can also deny the installation of any other programs that may be suggested.

When installed remove your old version of the Reader using the Add/Remove Programs applet if present.

The Windows Firewall and Defender program appear to now be operating correctly. I can see no "odd" behaviour on my PC from the malware, if that makes sense (slow loading/freezing) - so if everything looks ok & healthy from the logs then perhaps there have been no further impacts other than firewall and Defender, I hope.

I was curious as to what the locked registry keys were in the ComboFix log above - is this a result of the Adware PUP?

Good to see there weren't any lasting effects then, I appreciate all your help. I've uninstalled as above and deleted the logs etc.
You guys do an amazing job - many thanks and I'll be making a donation.
Hopefully I won't have to come on here and request help again!
Cheers
Bex

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.
